Data protection

For ecosio, your right to privacy and protection of your personal data is important. We want to make sure that your personal data is in safe hands and are therefore committed to protect your personal data in accordance with the data protection laws applicable in the respective country and our data protection guidelines. In particular, personal data is processed in accordance with the requirements of the GDPR and in accordance with the applicable country-specific data protection regulations (e.g. the applicable data protection regulations in the United Kingdom). The transfer of data for processing within and outside ecosio for the purpose of commissioned processing is based exclusively on commissioned processing agreements. Our privacy policy defines the treatment of data in relation to our website and services that refer to it.

We collect and use personal data of our users only insofar as this is necessary to provide a functional website as well as our contents and services. The collection and use of personal data regularly takes place only after prior consent has been obtained. An exception applies in those cases in which obtaining prior consent is not possible for actual reasons and the processing of the data is permitted by legal regulations. 

If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (for example, if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art 6 (1) lit b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data based on a so-called “data processing agreement”, this is done based on Art 28 GDPR. If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art 44 ff GDPR. We will not use your personal data for purposes incompatible with the processing purposes about which you have been informed unless such use is required or permitted by law or is in your own vital interests. 

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art 6 (1) (a) GDPR serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art 6 (1) c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art 6 (1) lit f GDPR serves as the legal basis for the processing.

We store your personal data only as long as it’s necessary for the fulfilment or initiation of the contract if we have a legitimate interest or as long as you have not revoked your consent. We delete or block your personal data as soon as the purpose for storing it no longer applies. We adhere to the statutory retention periods for the duration of the storage of personal data.

We use the Google Analytics 4 (“GA4”) version of the Google Analytics service on our website. The service is provided by Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA), whereby the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for the European area (“Google“). Google Analytics is used to analyze website usage by users. Google uses so-called cookies, i.e. text files that are stored on your terminal device. The information collected by the cookies is usually sent to a Google server in the USA and stored there. 

We use GA4 to monitor and improve the performance of our website. This service collects aggregated information about how users access and interact with our site, including pages visited, traffic sources, geographic location, time on page, bounce rate, and event conversions. The data does not include personally identifiable information. The information is used solely to optimize website functionality and content.

GA4 does not log or store IP addresses. The IP address data of website users from the EU is only used to derive location data and is deleted immediately afterwards.

You have the option of preventing the cookie from being stored on your device by making the appropriate settings in your browser. However, we would like to point out that this no longer guarantees that you will be able to access all functions of this website without restrictions if your browser does not allow cookies. Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP-address) from being sent to and used by Google Inc. by downloading and installing the available browser plug-in HERE. You can also find more information on data use by Google Inc. HERE.

As an extension to Google Analytics, Google Signals can be used on this website to create cross-device reports. If you have activated personalised ads and linked your devices to your Google account, Google can analyse your usage behaviour across your devices and create database models, including cross-device conversions, subject to your consent to the use of Google Analytics. We do not receive any personal data from Google, only statistics. If you want to stop the cross-device analysis, you can deactivate the “personalized advertising” function in the settings of your Google account. Follow the instructions HERE. You can also find more information about Google Signals HERE.

We also use the remarketing function of Google on our website. This Google marketing service allows us to display advertisements for and on our website in a more targeted manner to present users only with ads that potentially match their interests. To carry out the analysis of user behavior when visiting our website, Google uses so-called cookies. For this purpose, Google stores a small file with a sequence of numbers in the browsers of the website visitors. The analysis of user behavior forms the basis for the creation of interest-based advertisements. If you subsequently visit another website in the Google advertising network, you will be shown advertisements that are highly likely to take into account previously accessed product and information areas. This number is used to record visits to the website as well as anonymized data on the use of the website. However, no personal data of the website visitors is stored.  The purpose of Google Remarketing is merely to display advertising that is  relevant to interest. The information collected by Google marketing services about users is transmitted to Google and stored on Google’s servers in the USA.

You can permanently disable the use of cookies by Google by downloading and installing the plug-in provided HERE. 

We also use Google Ads on our website. Google Ads is an online advertising program from Google. Our website uses Google Ads with conversion tracking. This means that in the case of Google AdWords, each AdWords customer receives a different “conversion cookie”. Cookies can therefore not be tracked across the websites of AdWords customers. The information obtained with the help of the cookie or AdWords pixel is used to create conversion statistics for AdWords customers. However, you will not receive any information with which users can be personally identified.

If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can find more information about Google AdWords and Google Conversion Tracking HERE.

We use “Microsoft Advertising,” a service provided by Microsoft Corporation, USA (“Microsoft”), only with your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time. Microsoft Advertising collects data to create pseudonymous user profiles and allows us to track user activities when they reach our website via Bing Ads. A cookie is set that stores, among other things, time spent on the website and interactions. Your IP address is only collected in encrypted form, and a Global UID or user ID may be used. Collected data is transmitted to Microsoft servers in the USA and stored for up to 180 days. You can prevent data collection by adjusting your browser settings or opting out at Microsoft Opt-Out. Microsoft may also use cross-device tracking to display personalized ads across your devices. For more information can be found HERE and HERE.

We also use Google AdSense on our website. We can integrate third-party advertisements based on the Google marketing service “AdSense”. AdSense also uses cookies to enable Google and its partner websites to serve ads based on users’ visits to this website or other websites on the internet. We may also use Google Tag Manager and Google Phone Tracking to integrate and manage Google’s analytics and marketing services on our website. For more information on Google’s use of data for marketing purposes, please click HERE. 

We use so-called session or flash cookies on our website. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user calls up a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after visting another website. In addition, we also use – if you allow this – so-called persistent cookies that are used beyond the session (“cross-session cookies”). These cookies in particular serve to make the internet offer user-friendly, more effective and safer. The user data collected through technically necessary cookies are not used to determine your identity. Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies and these cookies are deleted again when the browser is closed. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated, it may no longer be possible to use all the functions of the website.

We use Nelio A/B Testing to split-test our website. Split testing (or A/B testing) is a marketing technique used to test different variants of a website in order to determine which version converts visitors better. Nelio A/B Testing is operated by Nelio Software, S.L. (C/Pomaret 83, 08017 Barcelona). Nelio A/B Testing uses cookies to conduct split tests and track the actions you take when visiting our website. These cookies do not store any personal information about you and cannot be used to identify you in any way.

Whenever you perform an action relevant to an ongoing test—such as visiting a particular page, clicking on an element, or submitting a form—this event is stored in Nelio’s cloud in accordance with Nelio A/B Testing’s Terms of Service. Please note that Nelio does not store any personal data that could be linked to you, as all collected data is completely anonymous.

For more information about privacy settings related to Nelio A/B Testing, please click HERE.

To optimize our services, we use Lead Forensics on our website, a service provided by Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, UK.Lead Forensics does not use cookies. When you visit our website, your IP address is collected and transmitted to Lead Forensics, where it is then compared with their own databases in a global database of companies and business information. Personal data such as first name, surname, email address, social profiles and IP address may also be stored here. This data is not compared with the specific IP address. Lead Forensics does not assign the IP address to the personal data stored in the database. As soon as the data has been matched, the IP address is anonymised by Lead Forensics. After the data comparison, we receive the information from Lead Forensics’ database that has been assigned to the IP address in question. This allows us to see who is interested in our products. Lead Forensics provides us with the actual history of your visit to our website. This also includes an overview of all the pages you have visited and how long you have been on this page.

Further information on the processing of data can be found HERE. Insofar as we process personal data in this context, we do so on the basis of our legitimate interests in improving the design of our website and customer acquisition. The legal basis is the protection of legitimate interests in accordance with Article 6(1)(f) GDPR.

We also offer webinars, whitepapers and similar information material on our website for download or live streaming. If you download a file, we process for the purpose of providing the requested webinar or document and, if applicable, for the purpose of contacting and billing. To run our live-webinars, we use the service of GoTo, GoTo Technologies Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D02R573, Ireland. You can find GoTo’s privacy policy HERE.

Wistia 

We use the video-service of Wistia, Inc. 17 Tudor Street, Cambridge, MA 02139, USA (“Wistia“) to embed videos on our website. When the videos are played, a connection to the Wistia servers is made. The following data is collected in the process: Anonymized IP address, access time to the videos you viewed, URL of the videos, type of end device and the operating system and browser used.

If you have a Wistia-account and are logged in on your end device, Wistia can assign the collected information to your user account. You can prevent by logging out of your user account before visiting our website. You can find Wistia’s privacy policy HERE.

Tolstoy

We also use the video-service of Tolstoy Ltd, located at 60 Hasharon St., Ra’anana, Israel (“Tolstoy“) to embed videos on our website. When the videos are played, a connection to the Tolstoy servers is established and certain data such as your IP address may be transmitted. You can find more information about Tolstoy’s processing of your data HERE. 

To subscribe to our newsletter, all you need to do is register via our website with your e-mail address. Our newsletters may contain information about our company, our services and event information. The newsletter registration uses double opt-in. This means that after sending your data, you will receive an e-mail asking you to confirm your registration. We will not pass on your e-mail address to third parties without your consent. You can unsubscribe from the newsletter at any time.

We also use the web analytics tool “Matomo” on our website to perform A/B testing. A/B testing is used to improve the usability and performance of our website. In this way, users are presented with different versions of a website or its elements, such as input forms, on which the placement of content or the labelling of navigation elements may differ. Based on user behaviour, e.g. longer visits to our website or more frequent interactions with the elements, it can then be determined which of these websites or elements better meet the needs of the users.We also use the Matomo Heatmap Module. Matomo’s Heatmap service shows us the areas of our website where the mouse is most frequently moved or clicked. Data entered in forms is not recorded and is not visible at any time.

For more information on Matomo’s terms of use and data protection regulations, click HERE.

We use Unbounce, Unbounce Marketing Solutions, Inc, 400-401 West Georgia Street, Vancouver, BC V6B 5A1, Canada (“Unbounce”) to create landing pages for our website and to optimize our offer. The pages are hosted by Unbounce. This means that the user’s browser communicates directly with Unbounce. For example, the IP address, browser signature, operating system, device type and the date and time of the page visit are transmitted to Unbounce. Cookies may also be set in this context. These cookies are not made accessible by browsers across domains, i.e. they are not passed on to third parties, and the data is only made available to us in anonymised form so that we cannot draw any conclusions about individual persons. Further information on Unbounce’s privacy policy can be found HERE.

Our website is operated with WordPress, 60 29th Street #34, San Francisco, CA 94110, USA, one of the leading content management systems (CMS) for creating and managing websites. WordPress uses cookies to improve user-friendliness and to enable certain functions. WordPress can also collect various types of data to optimize the website experience. When you visit our website, WordPress automatically collects information of a general nature, which is stored in the server log files. This includes, among other things, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar information. This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when using the internet. WordPress uses this data to display our website, to ensure the long-term functionality and security of our information technology systems and to optimize the content of our website. This anonymously collected data and information is therefore analyzed by us both statistically and with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The data is not analyzed for marketing purposes in this context.

WordPress uses cookies to make visiting our website attractive and to enable the use of certain functions. You have the option of preventing or restricting the installation of cookies by selecting the appropriate settings in your browser. Cookies that have already been saved can be deleted at any time. This can be done in the browser settings. Please note that if you deactivate cookies, you may not be able to use all the functions of this website to their full extent.

For more information on data processing by WordPress, click HERE.

We use prospecting to target potential customers on our platform and services. For this purpose, we utilize the services of Cognism Limited, First Floor, Holborn Gate, 330 Holborn, London WC1V 7QT, United Kingdom (“Cognism”). Cognism helps us find and reach potential customers. The following data may be provided and used for this purpose:

• Name

• Employer and company details

• Location (country and city)

• Business phone number

• Business email address

In accordance with Article 6(1)(b) GDPR, we use the aforementioned data if the data subject intends to enter into a contract with us or has already done so, or if the intention is apparent (through user behavior). The use of this service is also based on Article 6(1)(f) GDPR. ecosio has a legitimate interest in identifying potential customers to expand its customer base and optimize advertising. If consent has been obtained (e.g., consent to store cookies, data entered by the data subjects at the provider with consent for the data to be shared), the processing is based on Article 6(1)(a) GDPR; consent can be withdrawn at any time.

Your personal data, which you provide, will generally be stored and retained by Cognism within the European Economic Area (EEA) or the United Kingdom. Data processing is based on the GDPR and the European Commission’s adequacy decision for the United Kingdom under Article 45(3) GDPR. Further information on data processing by Cognism can be found HERE. You also have the option to object directly to the data processing by Cognism (opt-out): https://www.cognism.com/de/daten-opt-out.  

We use Plerdy on our website based on your consent given in the cookie manager in accordance with Article 6(1)(a) GDPR. Plerdy is a service provided by Plerdy, Vodohinna 2/321 in Lviv, Lvivska 79017, Ukraine. This service offers features for website analytics, including so-called heatmaps, anonymized video recordings of website usage, as well as associated data collection of clicks, scrolls, and mouse movements that website users make during their visit to the pages. Plerdy itself does not record videos, take screenshots, or access information that users enter on the website. Therefore, we only receive aggregated data, which is necessary to monitor user behavior, but never personal data. Thanks to this analysis, we can create a type of heatmap of our website that highlights the areas that receive the most attention or generate the most engagement, thereby improving the operation of our website.

Plerdy collects non-identifiable information, such as browser type, preferred language, and the date/time of website visits. Plerdy can also track which pages of the services are the most popular or most frequently clicked. In the video recordings made during visits to our website, the recording of data from fields is automatically blocked or anonymized and is therefore not visible to anyone. Further information on Plerdy’s data protection can be found HERE.

We also use Arcade on our website, which helps to enhance the interactive experience on our website and other digital platforms. The provider of this tool is Arcade Software Inc., 333 Bush St., San Francisco, California, 94104 USA. It enables us to create and embed interactive content, such as tutorials and walkthroughs, into our products and services. We use Arcade to provide interactive and engaging content directly on our website or within our products. To ensure the security and privacy of our users, we implement Arcade using iframe technology. This approach ensures that all hosting, editing, and data processing activities related to Arcade content occur on Arcade’s secure platform.

Arcade may collect certain information, including but not limited to usage data (e.g., how you interact with the embedded content), device information, and other technical data. We do not collect or process any personal data from your interaction with Arcade content. However, if personal data is provided to us via Arcade (e.g., through feedback forms within the Arcade content), we will handle it in accordance with our general privacy policy. Further information on data processing and Arcade’s privacy policy can be found HERE.

We use Facebook social sharing plugins on our website, which are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. When users interact with the plugins, for example by clicking the Like button or posting a comment, the corresponding information is transmitted from your device directly to Facebook, where it is stored and, in accordance with your privacy settings, becomes visible to other people on this social network. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store the IP address. In addition, Facebook may share aggregate statistics about user activity with third parties such as other users, partners, advertisers and affiliated websites. We have no control over the amount of data collected by this provider when sharing or liking content. The relevant information on Facebook’s privacy policy can be found HERE.

Within our online offer, functions and contents of the service Instagram may be integrated, offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. You can find the relevant information on Instagram’s privacy policy HERE.

Within our online offer, functions and contents of the service Twitter may also be integrated, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. If the users are members of the Twitter platform, Twitter can assign the call-up of the above-mentioned content and functions to the user’s profile there. You can find Twitter’s privacy policy HERE. 

Within our online offer, functions and contents of the service LinkedIn may be integrated, offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This may include, for example, content such as images, videos or texts and buttons with which users can announce their liking, the authors of the content or subscribe to our posts. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. You can find LinkedIn’s privacy policy HERE.

Within our online offer, functions and contents of the service Xing may be integrated, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This may include, for example, content such as images, videos or texts and buttons with which users can make known their liking of the content, the authors of the content or subscribe to our posts. If the users are members of the  Xing platform, Xing can assign  the call-up of the above-mentioned content and functions to the user’s profile there. You can find Xing’s privacy policy HERE. 

YouTube components are integrated within our online offer. YouTube is an Internet video portal where video clips can be viewed, rated, commented on and uploaded free of charge. YouTube is operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA.
YouTube LLC is a company affiliated with  Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you access our website that contains a YouTube video, the corresponding video is loaded from YouTube. Further information on YouTube can be found HERE. Within the framework of this technical procedure, YouTube and Google receive knowledge of which specific website you are visiting. If users are  logged into YouTube at the same time, this information is collected by YouTube and Google and assigned to your YouTube account; this is independent of whether you click on a YouTube video or not. By logging out of their YouTube account, users can prevent YouTube and Google from associating the collected information with their YouTube account. You can find YouTube’s privacy policy HERE. 

Within our online offer, functions and contents of LiveChat may be integrated, offered by LiveChat Inc.,  Attn: 101 Arch Street, 8th Floor, Boston, MA 02110, USA. This may include e.g. contents from chats. This content is also sent to us by e-mail and and will be stored. The privacy policy of LiveChat can be found HERE. 

We also use the services of so-called lead generation tools. Lead generation is a term from marketing. A lead is a qualified prospective customer who, on the one hand, is interested in a company or a product and, on the other hand, provides the advertiser with his address and similar contact data (lead = data record) for a further dialogue and is therefore very likely to become a customer. Generating high-quality leads is a fundamental task for acquiring new customers. Address data of potential interested parties can be generated online and offline for specific target groups and these purposes are also our legitimate interest in data processing according to Art 6 (1) lit f GDPR.

We use the “LinkedIn Lead Generation” service as a lead generation tool. LinkedIn uses forms for lead generation and functions and content of the LinkedIn service, offered by LinkedIn AG, Dammtorstraße 29-32, 20354 Hamburg, Germany, can be integrated. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. The privacy policy of LinkedIn can be found HERE.

We use the Pardot Marketing Automation System (“Pardot MAS“) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot“) on our website. Pardot is a special software for recording and evaluating the use of a website by its visitors. Insofar as Pardot LLC processes personal data, the processing is carried out exclusively on our behalf and in accordance with our instructions. We have ensured Pardot LLC’s compliance with the provisions of the GDPR via an individual agreement with Pardot LLC. When you visit our website, Pardot MAS records your click path and uses it to create an individual usage profile. Cookies are used for this purpose, which allow your browser to be recognized. If you agree to this the first time you use our website by confirming the so-called cookie acceptance banner, you also agree to the use of cookies by Pardot.

You can revoke your consent at any time with effect for the future. In addition, you can deactivate the creation of pseudonymized usage profiles at any time by configuring your internet browser so that cookies from the domain “pardot.com” are not accepted. However, this may lead to certain restrictions in the functions and user-friendliness of our offer. Further information on the privacy policy of Pardot LLC can be found HERE.

At trade fairs or other events organized by ecosio, we regularly collect visitor data. We collect data to send out information material on our products and services, for the preparation of individual offers for potential customers or for processing enquiries. The collection of data is voluntary and only with the consent of the respective person. 

If you receive a job offer from us as a candidate, we may conduct a background check on you. For this purpose, we use the service of CREDENCE Background Screening Limited, 160 London Rd, Sevenoaks TN13 1BT, United Kingdom (“Credence”). Background checks are only conducted if permitted by the laws of the location where the position is based. We limit the checks to what is necessary and appropriate for the position being offered to you. The legal basis for this is that we must take the necessary steps before an employment contract between us can be established. Further information about the background checks can be found HERE and in Credence’s privacy policy.

The ecosio status page is a website that displays the status of our services. Through updates, the status page gives users insights into planned maintenance windows, faults or outages and the general operationality of the systems. The status page enables us to communicate transparently and proactively with our customers. The website can be reached at https://ecosio-status.com/.

To provide and operate the status page, we use the services of incident.io, a provider that enables streamlined communication during operational incidents. incident.io processes the data necessary to deliver these services on our behalf and in accordance with Art. 28 GDPR. No personal data is passed on to third parties for advertising or other purposes. To meet high data protection standards, the ecosio status page relies on EU-based servers. Further information can be found HERE.

Users of the status page can subscribe to email updates by providing their email address and may select which status information they wish to receive. Processing is carried out exclusively on EU-based servers, and no personal data is shared with third parties.

The primary contact persons of our customers are automatically included in the mailing list for status and service notifications, as this information is necessary for the provision of our services and therefore does not require separate consent.

The mailing list is used exclusively to communicate information on service availability, disruptions, and outages. It is not used for newsletter or marketing purposes.

3.1 Gong

As part of our sales activities, we use the service “Gong,” provided by Gong.io Inc., 265 Cambridge Ave, Suite 60717, Palo Alto, CA 94306, USA. We use Gong to record, transcribe, and analyze video conferences, phone calls, and emails between our sales representatives and our customers. Gong’s service is used exclusively with your consent. You can find Gong’s privacy policy HERE.

3.2 ReadMe

Additionally, in the course of providing our services, we use the service “ReadMe,” provided by ReadMe, 14 Geary St Fl 2, San Francisco, CA 94108. ReadMe is not integrated into our system but is used as a standalone platform where we document our API and provide access to our customers and partners. In this process, personal data such as username and email address are transmitted and stored by ReadMe. You can find ReadMe’s privacy policy HERE.

3.3 Salesforce

We also use Salesforce Sales Cloud to manage our customer data. The provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich (“Salesforce”). Salesforce is a CRM system that enables us to manage existing and potential customers as well as customer contacts, and to organize sales and communication processes. The use of the CRM system also allows us to analyze our customer-related processes. Customer data is stored on Salesforce’s servers. In this process, personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. The use of Salesforce is based on Article 6(1)(f) GDPR. If corresponding consent has been obtained, processing is carried out solely on the basis of Article 6(1)(a) GDPR. Consent can be withdrawn at any time. Further information and Salesforce’s privacy policy can be found HERE.

3.4 Material Security

We use Material Security, Inc. (“Material Security”) as an external service provider to support our cybersecurity measures, in particular for the protection and monitoring of cloud productivity systems. In the course of providing these services, Material Security may process certain technical information as well as security-related data on our behalf.

Material Security acts as a data processor within the meaning of the GDPR. The processing of personal data by Material Security is based on a corresponding data processing agreement. We ensure that Material Security implements appropriate technical and organisational measures to protect personal data in accordance with applicable data protection laws. Personal data is only transferred to Material Security to the extent necessary for the provision of the respective services. Further information on Material Security’s privacy policy can be found HERE.

You can request confirmation from us as to whether and to what extent personal data relating to you is being processed by us. If such processing is taking place, you can request information from us.

You have a right of rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

You may request the restriction of the processing of personal data concerning you under the following conditions: 

• if you dispute the accuracy of the personal data relating to you for a period of time that enables us to verify the accuracy of the personal data; 
• the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data; 
• we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims, or 

if you have objected to the processing pursuant to Art 21 (1) GDPR and it has not yet been determined whether our legitimate grounds override your grounds. If the processing of personal data relating to you has been restricted, this data may – apart from being stored – only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State. If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

You can request that we delete the personal data concerning you without delay. Please note that we are only obliged to delete it if we process it unlawfully or the processing disproportionately interferes with your legitimate interests in protection. In addition, there are legally recognized reasons that prevent immediate deletion, e.g. the fulfilment of a legal obligation – such as legally regulated retention obligations or the assertion of legal claims.

If we have made personal data of yours public in the course of our activities and we are obliged to delete it pursuant to Art 17 (1) GDPR, we shall of course, taking into account the available technology and the implementation costs, take appropriate measures to inform third parties that you, as the data subject, have requested the deletion of all personal data.

If you have made a right to rectification, erasure or restriction of processing to us, we are obliged to notify all recipients to whom the personal data relating to you has been disclosed of the rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent (Art 6 (1) (a) or Art 9 (2) (a) of the GDPR) or on a contract pursuant to Art 6 (1) (b) of the GDPR and the processing is carried out with the help of automated processes.

You have the right to object at any time, on grounds relating to your situation, to the processing of personal data concerning you which is carried out based on Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. We shall no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the revocation.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision (1) is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent. 

Regarding the cases referred to in (1) and (3), we shall take reasonable measures to safeguard the rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a person from ecosio, to express your point of view and to contest the decision.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of judicial remedy.