Secure German data protection

Privacy policy

Data protection

We take the protection of your personal data very seriously. Your personal data will be treated confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Visiting our website is generally possible without providing personal data. If personal data (e.g. name, address or email address) is collected on our pages, this is done with your consent. This data will not be passed on to third parties without your express consent.

We point out that data transmission over the Internet (eg communication by email) security gaps. A complete protection of data against access by third parties is not possible.

In accordance with the EU General Data Protection Regulation (GDPR ), we inform you here in detail about the personal data that we collect and process from you when you visit our website, contact us or use our service. Furthermore, we make you aware of your rights and how you can exercise them (right to information).

Visiting our website

When you visit our website, we collect and process information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version, operating system used, referrer, URL, host name of the accessing computer, time of the server request and IP address.

This data cannot be assigned to specific persons. A combination of this data with other data sources is not made. We reserve the right to check this data retrospectively if we become aware of concrete indications of illegal use.

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
IP address	Identification data	Website visitor	Technical processing by the web server	90 days	Visitor statistics	automatic

Telephone contact

If you contact us by telephone, we store your telephone number, if this has been communicated to us, in the call history.

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
Phone number	Communication data	Customers, employees, suppliers, commercial and private persons	Communication data	90 days	Call history	automatic

Direct contact by email

If you contact us by email (enquiry, promotion, any type whatsoever of direct response), we store your communication and identifier data.

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
Email address	Communication data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Salutation	Personal data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
First name	Personal data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Name	Personal data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Company name	Address data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Addition / Department	Address data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Position	Personal data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Street / house number	Address data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Postcode, city	Address data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years>	Communication history, queries	After 2 years, or upon request
Country	Address data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Phone number	Communication data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Fax number	Communication data	Interested parties, customers, service providers, applicants, employees	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request

Contact form on our website

If you send us inquiries via the contact form, your data from the inquiry form including the contact data you provided there will be stored in our CRM system for the purpose of processing the inquiry and in case of follow-up questions.

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
Email address	Communication data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Salutation	Personal data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years>	Communication history, queries	After 2 years, or upon request
First name	Personal data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Name	Personal data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Company name	Address data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Phone number	Communication data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request
Comment / Message	Personal data	Interested parties, customers, employees, anyone who fills out the contact form	Quotation request, support service, communication	2 years	Communication history, queries	After 2 years, or upon request

Registering on our website to use easyfeedback

You can register on our website to use the functions of easyfeedback. The data you use for registration is only required for the purpose of using our offer for which you have registered.

For important changes, for example regarding the scope of the offer or in the case of technically necessary changes, we use the email address provided during registration to inform you in this way.

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
Salutation	Personal data	Interested parties, customers	Communication	unlimited	Time unlimited provision of the service	Independent, upon request; After retention requirement in a contractual relationship
First name	Personal data	Interested parties, customers	Communication	unlimited	Time unlimited provision of service	Independent, upon request; Upon retention requirement in a contractual relationship
Name	Personal data	Interested parties, customers	Communication	unlimited	Time unlimited provision of service	Independent, upon request; Upon retention requirement in a contractual relationship
Email address	Communication data, login data	Interested parties, customers	Quotation provision	unlimited	Time unlimited service provision	Independent, upon request; After retention requirement in a contractual relationship
Password	Login data	Interested parties, customers	Provider readiness	unlimited	Time unlimited service provision	Independent, or upon request
Newsletter consent	Communication data	Interested parties, customers	Newsletter distribution	unlimited	Newsletter dispatch and communication	Independent, or upon request
Language settings (DE; EN)	Personal settings	Interested parties, customers	Personal settings	unlimited	Outputting the service in different languages	Independent, or upon request
Time zone	Personal settings	Interested parties, customers	Personal settings	unlimited	Displaying information in the correct date format	Independent, or upon request
Date & time format	Personal settings	Interested parties, customers	Personal settings	unlimited	Displaying information in the correct date format	Independent, or upon request
Logs (motion steps)	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic
IP address	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic
Cookie in browser (SessionID for login)	Usage data	Interested parties, customers	Offer provision	unlimited	Providing the service	Independent, or upon request
Date of registration	Usage data	Interested parties, customers	Documentation	unlimited	Internal documentation	Independent, or upon request

Newsletter registration/unsubscription

If you secure an account on our website for the use of easyfeedback, you can agree to receive a newsletter. We will only use this consent to inform you about product enhancements, tips and other information by email.

Via your account, you can object to the consent at any time or consent again.

Processing of data

We collect, process and use personal data only to the extent necessary for the establishment, content or modification of the legal relationship. We collect, process and use personal data about the use of our Internet pages only to the extent necessary to enable the user to use the service or to bill the user.

Supplementary to product registration:

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
Company name	Contract data, billing	Customer	Billing for the service ordered	10 years	Legal retention period	According to retention requirement
Addition / Department	Contract data, billing	Customer	Billing of ordered service	10 years	Legal retention period	According to retention requirement
Item	Personal data	Customer	Communication data	10 years	Legal retention period	According to retention requirement
Street / house number	Contract data, billing	Customer	Billing of the ordered service	10 years	Legal retention period	According to retention requirement
Postcode, city	Contract data, billing	Customer	Billing for the service ordered	10 years	Legal retention period	According to retention requirement
Country	Contract data, billing	Customer	Billing for the service ordered	10 years	Legal retention period	According to retention requirement
Phone number	Communication data	Customer	Communication data	10 years	Legal retention period	According to retention requirement
Fax number	Communication data	Customer	Communication data	10 years	Legal retention period	According to retention requirement
Email billing	Billing	Customer	Billing for the service ordered	10 years	Legal retention period	According to retention requirement
Order number	Contract data, billing	Customer	Billing for the service ordered	10 years	Legal retention period	According to retention requirement
Invoice	Billing	Customer	Invoicing of the ordered service	10 years	Legal retention period	According to retention requirement
Payment method	Billing	Customer	Invoicing of the ordered service	10 years	Legal retention period	According to retention requirement
Student record	Contract data	Customer	Review of a school/student activity	1 year	Subsequent verification of accuracy	Independent, or upon request
Order performance	Contract data, billing	Customer	Billing for ordered service	10 years	Legal retention period	According to retention requirement

Data transmission when concluding contracts for services and digital content

We transmit personal data to third parties only if this is necessary in the context of contract processing, such as to the credit institution entrusted with payment processing.

Further transmission of data does not take place or only if you have expressly consented to the transmission.

Server log files when using easyfeedback

Data protection regulations require us to create and document log files of you as a customer. These log files allow us to see which buttons you have clicked and on which page within the customer area you have moved. Likewise, our movements are also documented and stored.

This procedure ensures that we cannot be accused of having deleted or changed files ourselves. We do not create user profiles, sell your data or use it in any other way.

Data type	Category	Group of persons	Purpose of processing	Duration	Reason	Deletion
IP address	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic
Date	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic
Time	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic
URL	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic
Client number	Usage data	Interested parties, customers	Documentation	6 months	Individual coverage in case of dispute	automatic

Your rights according to the EU General Data Protection Regulation (GDPR)

Article 15

Right of access by the data subject

1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a) the purposes of the processing;

(b) the categories of personal data concerned;

(c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f) the right to lodge a complaint with a supervisory authority;

(g) where the personal data are not collected from the data subject, any available information as to their source;

(h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46 relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Article 16

Right to rectification

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Article 17

Right to erasure (‘right to be forgotten’)

1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

(c) the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);

(d) the personal data have been unlawfully processed;

(e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

(f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:

(a) for exercising the right of freedom of expression and information;

(b) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(c) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

(d) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(e) for the establishment, exercise or defence of legal claims.

Article 18

Right to restriction of processing

1. The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

(b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

(d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

3. A data subject who has obtained restriction of processing pursuant to paragraph 1 shall be informed by the controller before the restriction of processing is lifted.

Article 19

Notification obligation regarding rectification or erasure of personal data or restriction of processing

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform the data subject about those recipients if the data subject requests it.

Article 20

Right to data portability

1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

(a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

(b) the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.

Article 21

Right to object

1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.

5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

6. Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), the data subject, on grounds relating to his or her particular situation, shall have the right to object to processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Your right to complain to a supervisory authority

You have the right to complain at any time to the competent data protection authority. If you wish to exercise your right to complain, you can do so at the following authority:

Rhineland-Palatinate
The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate

P.O. Box 30 40
55020 Mainz

or:

Hintere Bleiche 34
55116 Mainz, Germany

Telephone: +49 (0) 6131 8920-0
Fax: +49 (0) 6131 8920-299

Email: poststelle@datenschutz.rlp.de
Homepage: http://www.datenschutz.rlp.de

SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as requests that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Cookies

Our internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called session cookies. They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit. You can get an overview of the cookies used here.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15 para. 3 TMG or Art. 6 para. 1 lit. f DSGVO. The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 26 months. The deletion of data whose retention period has been reached takes place automatically once a month. For more information on terms of use and data protection, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ or https://policies.google.com/?hl=en .

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, which will prevent the collection of your data during future visits to this website: Disable Google Analytics

For more information on how Google Analytics handles user data, please see Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en

Use of Google Tag Manager

Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

Google Web Fonts

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly. If your browser does not support web fonts, a default font will be will be used by your computer.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

Within the framework of Google AdWords, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user’s computer. These cookies lose their validity after 30 days and are not used to personally identify the user.
If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

Each Google AdWords customer receives a different cookie. The cookies cannot be tracked across AdWords customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted in to conversion tracking.
Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users. If you do not wish to participate in the tracking, you can object to this use by easily deactivating the Google conversion tracking cookie via your internet browser under user settings. You will then not be included in the conversion tracking statistics.

You can find more information about Google AdWords and Google conversion tracking in Google’s privacy policy: http://www.google.de/policies/privacy/

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Source: e-recht24.de

Google Remarketing

We use the Google Remarketing service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland, hereinafter “Google”, on our website. With Google Remarketing, ads can be placed for users who have already visited our website in the past.

Within the Google advertising network, this allows advertisements to be displayed on our site that are tailored to their interests. Google Remarketing uses cookies for this evaluation. Cookies are small text files that are stored on your computer and allow an analysis of the use of the website. This makes it possible to recognize our visitors as soon as they visit websites within the Google advertising network. advertising network. In this way, advertisements can be presented within the Google advertising network that are related to content that the visitor has previously accessed on websites of the Google advertising network that also use Google’s remarketing function.

According to Google, Google does not collect any personal data in this context. You can deactivate this function by making the appropriate settings at https://adssettings.google.com/anonymous .

Source: ratgeberrecht.eu

HubSpot

On our website, we use HubSpot for our online marketing activities. This is an integrated software solution that we use to implement various activities of our online marketing. These are in detail:

– Content Management
– Email marketing (newsletters, mailings, content delivery)
– Social media publishing & reporting
– Contact management (e.g. user segmentation & CRM)
– Landing pages and contact forms.

Our registration service allows visitors to our website to learn more about easyfeedback, download content, and provide their contact information and other demographic information. This information, as well as our website content, is stored on servers operated by our software partner HubSpot. It may be used by us to contact visitors to our website and to determine which of our company’s services are of interest to them. All information we collect is subject to this privacy policy. We use all collected information exclusively to optimize our marketing measures.

Furthermore, to improve the user experience on our website, we use HubSpot’s live chat service “Messages” for sending and receiving messages on some subpages. Upon consent and use of this feature, the following data is transmitted to HubSpot’s servers:

– Content of all chat messages sent and received.
– Context information (e.g. page on which the chat was used)
– Optional: e-mail address of the user (if provided by the user via chat function).

The legal basis for the use of Hubspot’s services is Art. 6 I f GDPR – legitimate interest. Our legitimate interest in using this service is to optimize our marketing measures and improve our service quality on the website.

HubSpot is a software company from the USA with a branch in Ireland.

HubSpot
2nd Floor 30 North Wall Quay
Dublin 1, Ireland,
Phone: +353 1 5187500.

HubSpot is certified under the terms of the “EU – U.S. Privacy Shield Framework” and is subject to TRUSTe ‘s Privacy Seal and the “U.S. – Swiss Safe Harbor” Framework.

More information about HubSpot’s privacy policy
More information from HubSpot regarding the EU data protection regulations
More information from HubSpot regarding cookies used by HubSpot can be found here

If you generally do not want HubSpot to collect data, you can prevent the storage of cookies at any time by changing your browser settings accordingly.

Cookiebot

A web service of the company Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter: cookiebot.com) is reloaded on our website. We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to cookiebot.com. The legal basis for the data processing is Art. 6 (1) lit. f GDPR. The legitimate interest consists in a faultless function of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. Further information on the handling of the transmitted data can be found in the privacy policy of cookiebot.com: https://www.cookiebot.com/de/privacy-policy/

You can prevent the collection and processing of your data by cookiebot.com by deactivating the execution of script code in your browser or installing a script blocker in your browser.

Font Awesome A web service of the company Fonticons, 6 Porter Road, Apartment 3R, MA 02140 Cambridge, United States of America (hereinafter: Font Awesome) is reloaded on our website. If you have activated JavaScript in your browser and have not installed a JavaScript blocker, your browser may transmit personal data to Font Awesome. For further information on the handling of the transmitted data, please refer to Font Awesome’s privacy policy: https://fontawesome.com/privacy You can prevent the collection as well as the processing of your data by Font Awesome by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user behaviour on our website. Hotjar allows us to record, among other things, your mouse movements, scrolling movements and clicks.

Hotjar uses cookies. In particular, these cookies allow us to determine whether our website has been visited with a particular end device or whether the Hotjar functions have been deactivated for the browser in question. Hotjar cookies remain on your terminal device until you delete them.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

The use of Hotjar and the storage of Hotjar cookies is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise its website.

Deactivating Hotjar

If you would like to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/

Please note that deactivating Hotjar must be done separately for each browser or end device.

For more information about Hotjar and the data it collects, please see Hotjar’s privacy policy at the following link: https://www.hotjar.com/privacy/

Microsoft Clarity

We use the web analysis software Microsoft Clarity for our website. The service provider is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft also processes your data in the USA, among other places. Clarity or Microsoft is an active participant in the EU-US Data Privacy Framework, which regulates the correct and secure transfer of personal data from EU citizens to the USA. You can find more information on this at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en .

Microsoft also uses so-called standard contractual clauses (= Art. 46 (2) and (3) GDPR). Standard Contractual Clauses (SCCs) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to third countries (such as the USA) and stored there.

Through the EU-US Data Privacy Framework and the standard contractual clauses, Microsoft undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA.

These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

You can find more information on the standard contractual clauses at Microsoft at
https://learn.microsoft.com/en-us/compliance/regulatory/offering-eu-model-clauses

You can find out more about the data that is processed through the use of Microsoft in the privacy policy at https://www.microsoft.com/en-us/privacy .

Google Sign-In

We offer you the possibility to register and log in with Google Sign-In. This is done exclusively with your express consent in accordance with Art. 6 (1) lit. f GDPR. Google Sign-In is a service of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. An additional registration or login is therefore not necessary. To log in or register, you will be redirected to the Google page, where you can log in with your user data. This will link your Google profile or your Google e-mail address and our service. Through the link, we automatically receive the following data from Google Ireland Limited:

First and last name, email address, gender and Your Google user ID (if different from your email address)

We use the above data to complete the user profile. This information is mandatory for our services to be able to identify you.

For more information on Google Sign-In and privacy settings, please refer to the privacy policy (https://policies.google.com/privacy ) and terms of use (https://policies.google.com/terms ) of Google Ireland Limited.

Calendly

We have concluded an order agreement with Calendly so that the data provided by you is processed for us in accordance with instructions and orders. Since it cannot be ruled out that the data will also be processed in a third country (USA), we have concluded an agreement with Calendly in accordance with the EU standard contractual clauses, so that secure data processing is also guaranteed here. You can also find more information at https://calendly.com/pages/dpa .

If you would like to make an appointment with us, you can use the form provided. The data you provide will then be transmitted to the respective contact person via Calendly and the data will be entered in our calendar (Mac Mail). In addition, the data can be viewed by us in the login area of Calendly and is stored there.

The purpose of processing the data provided is to be able to make an appointment, process the contact request and get in touch with you.

The legal basis for the processing of personal data described here is Art. 6 (1) lit. f GDPR. Our legitimate interest is to offer you the possibility to make appointments with us independently. This simplifies the coordination regarding appointments and enables an efficient appointment arrangement.

The personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

In addition to Calendly, the recipient of the data is also our server host (e-mail server), which also works for us within the framework of a commissioned data agreement.

Zoom

We use the “Zoom” tool to hold telephone conferences, online meetings, video conferences and / or webinars (hereinafter: “Online Meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., which is based in the United States.

Easyfeedback GmbH is responsible for data processing that is directly related to the implementation of “online meetings”.
Note: If you access the “Zoom” website, the provider of “Zoom” is responsible for the data processing.

When using “Zoom” different types of data are processed. The scope of the data also depends on the information you provide about data before or when participating in an “online meeting”.

The following personal data are processed:

User information: first name, last name, telephone (optional), email address, password (if “single sign-on” is not used), profile picture (optional),
Department (optional)
Meeting metadata: topic, description (optional), participant IP addresses, device / hardware information

For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

When dialing in with the phone: information on the incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.

Text, audio and video data: You may have the option of using the chat, question or survey functions in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and any video camera on the terminal device are processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the “Zoom” applications.

In order to take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.

Scope of processing
We use “Zoom” to conduct “online meetings”. If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording is also displayed in the “Zoom” app.

If necessary for the purpose of logging the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we can also process the questions asked by webinar participants for the purpose of recording and following up webinars.

If you are registered as a user with “Zoom”, reports on “Online Meetings” (meeting metadata, data on dialing in, questions and answers in webinars, survey function in webinars) can be saved in “Zoom” for up to one month.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis for data processing
Insofar as personal data is processed by employees of Mustermann GmbH, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of “Zoom”, personal data are not required for the establishment, implementation or termination of the employment relationship, but are nevertheless an elementary component when using “Zoom”, Article 6 (1) lit. f) GDPR is applicable the legal basis for data processing. In these cases, we are interested in the effective implementation of “online meetings”.
In addition, the legal basis for data processing when conducting “online meetings” is Article 6 (1) (b) GDPR, insofar as the meetings are held in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 Paragraph 1 lit. f) GDPR. Here, too, we are interested in the effective implementation of “online meetings”.

Recipient / transfer of data
Personal data that are processed in connection with participation in “online meetings” are generally not passed on to third parties unless they are specifically intended to be passed on. Please note that content from “online meetings”, as well as from personal meeting meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of “Zoom” necessarily receives knowledge of the above data, insofar as this is provided for in our order processing contract with “Zoom”.

Data processing outside the European Union
“Zoom” is a service that is provided by a provider from the USA. Processing of personal data also takes place in a third country. We have concluded an order processing contract with the provider of “Zoom” which meets the requirements of Art. 28 GDPR.
On the one hand, an adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, we have also made our zoom configuration so that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used for the implementation of “online meetings”.

Google Meet

We use the “Google Meet” service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter “Google Meet”) to conduct online meetings, video conferences and/or webinars.
Different data is processed when Google Meet is used. The scope of the data processed depends on the data you provide before or during participation in an online meeting, video conference or webinar. When using Google Meet, data of the communication participants is processed and stored on Google servers. This data may include, in particular, your login data (name, email address, telephone (optional) and password) and meeting data (topic, participant IP address, device information, description (optional)). In addition, visual and audio contributions from participants as well as voice input in chats can be processed. This may also involve transmission to the servers of Google LLC. in the USA.

When processing personal data that is required to fulfill a contract with you (this also applies to processing operations that are required to carry out pre-contractual measures), Art. 6 para. 1 lit. b GDPR serves as the legal basis. If you have given us your consent to process your data, the processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future.
Otherwise, the legal basis for data processing when conducting online meetings, video conferences or webinars is our legitimate interest in the effective conduct of the online meeting, webinar or video conference in accordance with Art. 6 para. 1 lit. f GDPR. Further information on the use of data by Google Meet can be found in Google’s privacy policy at https://www.google.de/policies/privacy/

Stripe

On our website we offer, among other things, payment via Stripe and the associated payment methods. The provider of these payment services is

Stripe Payments Europe Ltd
Block 4, Harcourt Centre
Harcourt Road
Dublin 2

If you select payment via Stripe, the payment data you enter will be transmitted to Stripe.

The transmission of your data to Stripe is based on Art. 6 (1) a GDPR (consent) and Art. 6 (1) b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. All data required for payment processing are used exclusively for the execution of payments and are transmitted via the “SSL” procedure. Stripe is certified according to PCI DSS. Stripe transfers, processes and, where applicable, stores personal data outside the EU. In doing so, Stripe is subject to the Safe Harbour Agreement. Information on Stripe’s data protection is available here: https://stripe.com/de/privacy

PayPal

On our website we offer, among other things, payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.

The transmission of your data to PayPal is based on Art. 6 para. 1 lit. a GDPR (consent) and Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations.

Data processing through social networks

We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, X (formerly Twitter) etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis

Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights

If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).

Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time

The data collected directly from us via the social media presence will be deleted from our systems as soon as the purpose for their storage lapses, you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.

We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).

Individual social networks

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.

We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum .

You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381

Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/

X (formerly Twitter)

We use the short message service X. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can customize your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization .

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html

For details, see the Twitter Privacy Policy: https://twitter.com/privacy

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs

For details on how they handle your personal information, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en

Data transmission to third countries is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.tiktok.com/legal/privacy-policy?lang=en

Responsible party

easyfeedback GmbH
Ernst-Abbe-Strasse 4
56070 Koblenz, Germany
www.easy-feedback.com

Data protection coordinator & contact person:
Dennis Wegner, CEO
Email: privacy – at – easy-feedback.com

March 2024